Jetpack 4.2 brings you performance improvements along with some important security updates and enhancements to existing Jetpack modules.

Performance Enhancements

Jetpack requires a connection to the WordPress.com servers which helps offload processes from your own server and also opens up a wealth of features that you can use to speed up your site, protect your site, and increase engagement of your readers. All of these features rely on the communication between WordPress.com and your site.

Since these features rely on that back and forth communication, we’ve focused in this release to make that communication channel even more efficient. Below are some key points highlighting the improvements in performance comparing Jetpack version 4.1.x to Jetpack 4.2.

Key Points:

Front end database queries reduced by 69% for all front-end page views.

Reduced wp-admin database queries by 43%.

Memory usage improved by over 20% when the site is viewed by logged out users.

Improved load time by 9.9% on shared hosting environments

Please note these numbers don’t reflect all types of WordPress installs and plugin configurations. In these comparisons, we’re running the latest version of WordPress (4.5.3) and Jetpack is the only plugin installed. You might see different results with other setups and server configurations.

All of these features rely on the communication, and syncing of some data, between WordPress.com and your site. This data begins to sync when Jetpack is installed and connected to a WordPress.com User ID.

If you’d like to read in more detail about what we sync, why, and what we do with it, please refer to this support page.

Security

Our development team is always working to make Jetpack secure and safe to use on your sites. In Jetpack 4.2, we continue that work and have fixed a few vulnerabilities in this release.

Contact Form: we made changes to avoid potential formula injections in Contact Form submission exports.

General: XSS Vulnerability due to the misuse of the add_query_arg() function. Kudos to Karim Valiev, Mail.Ru Security Team

General: More changes to harden Jetpack security by implementing the hash_equals() function in an effort to avoid timing attacks when comparing strings. Thanks to Scott Arciszewski.

And more!

Shortcodes: Added several new parameters to the Dailymotion shortcode.

Custom CSS: added support for font-feature-settings in the Custom CSS Editor.